## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Reorganized REST API documentation navigation to consolidate debugging
resources under a dedicated subsection for improved discoverability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Consolidated API key deprecation guidance into a reusable notice for
consistent messaging across docs. Announces deprecation of legacy
anon/service_role JWT-secret keys by end of 2026, instructs switching to
sb_publishable_xxx / sb_secret_xxx, and provides steps to locate and
copy both new and legacy keys. Applied across auth, getting-started,
API, and realtime guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: fadymak <dev@fadymak.com>
## What
Adds a getting-started guide for migrating an existing project from the
legacy JWT-based `anon` and `service_role` keys to the new publishable
(`sb_publishable_...`) and secret (`sb_secret_...`) keys.
The guide walks through the migration step by step:
- **Before you start** — maps legacy keys to their replacements.
- **Step 1** — create the new `default` keys.
- **Step 2 / 3** — swap the publishable key in client code and the
secret key in backend code.
- **Database Webhooks and `pg_net`** — move the key from the
`Authorization: Bearer` header to the `apikey` header (the new keys
aren't JWTs and are rejected on `Authorization`), with a Vault note for
not inlining secrets.
- **Step 4** — update Edge Functions, with two options: read the new env
vars (`SUPABASE_PUBLISHABLE_KEYS` / `SUPABASE_SECRET_KEYS`) and set
`verify_jwt = false`, or adopt the `@supabase/server` SDK.
- **Step 5 / 6** — verify nothing uses the legacy keys, then deactivate
them (reversible).
- **Next steps** — clarifies that JWT signing keys are a separate,
independent migration.
## Notes
While writing this we found Studio issues to fix separately (the Invoke
Function cURL snippet and the Database Webhooks editor both put the new
keys on the `Authorization` header).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive migration guide for moving from legacy JWT-based
API keys to the new publishable and secret keys with zero‑downtime
steps, verification, limitations, and next steps.
* Clarified API key behavior and recommended migration actions in the
getting‑started docs.
* Added a navigation entry linking to the new migration guide.
* **Style**
* Relaxed documentation lint rules to allow expected wording/phrases
(e.g., "backends", "Database Webhooks").
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
New guide at `/guides/api/handling-errors-in-supabase-js` that leads
with `error.hint` as the most useful field on a Postgres error. When the
database knows the fix (a `GRANT` statement to run for a `42501`, a
column name you probably meant), it puts the literal SQL in `hint`.
Logging only `error.message` hides it.
The guide covers the `PostgrestError` shape (fields ordered by
usefulness: hint first, message last), branching on `error.code`, and
parallel patterns for Auth, Storage, Edge Functions, and Realtime.
Linked from the API > Guides sidebar next to the existing PostgREST
error codes reference.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive guide on handling errors in supabase-js,
explaining the {data, error} pattern and recommending logging full error
objects.
* Provides a recommended error-handling pattern, guidance to branch on
error codes, and example error fields.
* Adds component-specific advice for Auth, Storage, Edge Functions, and
Realtime, plus a “Related” links section.
* Added a navigation entry so the guide appears in the API guides
submenu.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
This PR adds missing docs for the newly added wrappers:
- Cal
- Calendly
- Cloudflare D1
- DynamoDB
- Gravatar
- Hubspot
- Infura
- MySQL
- OpenApi
- Orb
- Shopify
- Slack
## What is the current behavior?
Those wrappers were added to the Wrappers extension but docs links are not
updated.
## What is the new behavior?
- The missing wrappers docs are added.
- Removed the repetitive `Connecting to` title prefix in the Navigation.
- Collapsed the lengthy wrappers list into a `Sources` sub navigation
item to make the UI tidy.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added guides for new federated data wrappers: Cal, Calendly,
Cloudflare D1, Gravatar, Infura, MySQL, OpenAPI, Shopify, and Slack.
* Reorganized Foreign Data Wrappers navigation menu with an improved
hierarchical structure for easier discovery of available vendor
integrations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Adds documentation for the new Logs pricing SKUs (Ingest and Query)
ahead of the July 1 launch. Part of the [O11Y Logs Pricing
RFC](https://linear.app/supabase/project/rfc-supabase-observability-product-packaging-and-pricing-77990c05a767)
rollout (PRD R6).
**This is the docs PR.** Pricing page changes (`apps/www`) and Studio
dashboard changes are separate PRs.
### New pages
- **Logs overview** (`manage-your-usage/logs.mdx`) — both SKUs at a
glance, summary pricing table, Logs vs Log Drains clarification
- **Logs Ingest detail** (`manage-your-usage/logs-ingest.mdx`) — full
billing details, invoice examples, optimization tips
- **Logs Query detail** (`manage-your-usage/logs-query.mdx`) — full
billing details, invoice examples, optimization tips
- **Pricing partials** for both SKUs (`pricing_logs_ingest.mdx`,
`pricing_logs_query.mdx`)
### Updated pages
- **Cost control** — added Logs Ingest + Logs Query to "Usage items
covered by the Spend Cap" list
- **Telemetry/logs** — added link to the new manage-usage overview page
- **Navigation sidebar** — added Logs, Logs Ingest, Logs Query entries
before Log Drains
### Notes
- Screenshots are marked as TODO placeholders — will be added once
Studio surfaces are live
- Follows the existing manage-usage page pattern (storage-size, MAU,
etc.)
- Canonical pricing: Ingest $0.50/GB over 5 GB, Query $0.002/GB over
1,000 GB (Free/Pro/Team)
## Test plan
- [x] Verify pages render at
`/docs/guides/platform/manage-your-usage/logs`, `/logs-ingest`,
`/logs-query`
- [x] Verify sidebar navigation shows new entries
- [x] Verify cost-control page lists both items under "covered by Spend
Cap"
- [x] Verify `<$Partial />` pricing tables render correctly
- [x] Verify telemetry/logs page shows new billing link
- [x] Verify no broken links
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added guides for managing Logs, Logs Ingest, and Logs Query usage with
pricing, billing scenarios, quota examples, and optimization tips
* Added Platform → Billing navigation items: Logs, Logs Ingest, Logs
Query
* Included overage pricing tables, Spend Cap coverage updates, “Coming
soon” billing caveats, clarified Logs vs. Log Drains, and linked usage
management from the Logging guide
* **Chore**
* Whitelisted "Better Stack" in spelling checks
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update (new guides + follow-up documentation fix from review
feedback).
## What is the current behavior?
There was no consolidated docs example for resumable WebSockets with
Edge Functions, and no dedicated troubleshooting guide for worker
timeouts / WebSocket drops.
## What is the new behavior?
- Adds a resumable WebSockets guide for Edge Functions, including:
- session persistence
- event replay
- idempotency pattern and schema examples
- client/server example flow
- Adds an Edge Functions troubleshooting guide for worker timeouts and
WebSocket drops.
- Updates docs navigation to surface the new guides.
- Follow-up fix from review feedback: the browser client example now
stores `sessionId` and `lastEventId` in `sessionStorage` (instead of
`localStorage`).
## Additional context
- Branch has been updated with latest `origin/master`.
- This PR remains documentation-focused; no production runtime code
changes were introduced.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a guide on resumable WebSockets covering session persistence,
event replay, idempotency patterns, SQL schema examples, and
client/server usage.
* Added a troubleshooting guide on Edge Functions worker timeouts and
WebSocket drops with scenarios, symptoms, and practical workarounds.
* Enhanced WebSocket docs with a production note on worker lifecycle and
keeping runtime promises open to avoid premature shutdown.
* Navigation updated to surface the new guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Lakshan Perera <lakshan@supabase.io>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Adds a consumer-side guide for hardening npm installs of @supabase/*
packages: lockfile hygiene, minimum-release-age quarantine across
pnpm/yarn/npm/bun, private registries, provenance verification,
lifecycle script controls, blocking exotic transitive refs, Edge
Functions specifics, and an incident-response checklist.
Lives at guides/security/ alongside platform-security and
product-security; filesystem-driven sidebar picks it up automatically.
Originally drafted in supabase/supabase-js#2382 and moved here per
review.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added an npm security hardening guide (lockfile & CI practices,
release-age quarantines, transitive/exotic dependency controls,
provenance verification, lifecycle-script hardening, package-manager
pinning, CI/lockfile hygiene, Deno/Edge guidance, incident-response
checklist).
* Added a navigation entry for the new guide.
* Note: guide frontmatter contains unresolved merge-conflict markers.
* **Chores**
* Expanded spelling allowlist to include common tech terms (e.g.,
lockfile, sigstore, postinstall).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update.
## What is the current behavior?
No docs for client-side trace propagation with the JS SDK. Users with
OpenTelemetry-instrumented apps had no way to find out that supabase-js
can attach W3C Trace Context headers and that `trace_id` shows up in API
Gateway and Edge Function logs.
## What is the new behavior?
New guide at `/guides/telemetry/client-side-tracing` covering
requirements, opt-in setup (`tracePropagation: true`), advanced options,
domain scoping, where `trace_id` appears in Supabase logs, and
troubleshooting. Linked from the Logging & observability nav.
Preview:
https://docs-git-docs-otel-sdk-supabase.vercel.app/docs/guides/telemetry/client-side-tracing
## Additional context
First of several planned SDK tracing guides. When the next SDK gets one
we'll restructure into a shared `tracing/` folder.
## Summary by CodeRabbit
* **Documentation**
* New comprehensive guide for client-side trace propagation with the JS
SDK: explains W3C Trace Context header behavior, requirements, setup
steps, opt-in examples, advanced configuration, domain/security notes,
and troubleshooting when trace IDs are missing.
* Added a new "Tracing with the JS SDK" entry in the Logging &
observability navigation for easy access to the guide.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* New comprehensive guide for client-side trace propagation with the JS
SDK: explains W3C Trace Context header behavior, requirements, setup
steps, opt-in examples, advanced configuration, domain/security notes,
and troubleshooting when trace IDs are missing.
* Added a "Tracing with the JS SDK" entry under Logging & observability
for quick access.
* Documentation metadata updated to reference the latest source
snapshots.
* Lint rules updated to allow "OpenTelemetry", "Zipkin", and "noop".
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## What kind of change does this PR introduce?
Docs update. Part of DEPR-198.
## What is the current behaviour?
Auth email template examples and Studio template labels still reflect
older default copy in a few places.
## What is the new behaviour?
Updates Auth docs, local development docs, related snippets, Studio
template labels, and UI Library examples to [match the updated default
Auth email
copy](https://linear.app/supabase/document/email-template-copywriting-updates-04bba460fd2a).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated authentication email template names and descriptions across
guides, replacing "Magic link" with "Sign-in link or code" terminology
* Revised security notification email naming from "Identity
linked/unlinked" to "Sign-in method linked/removed" and "MFA method" to
"Verification method"
* Updated email template example content with improved wording (e.g.,
"Confirm your email address" instead of "Confirm your signup")
* **UI Updates**
* Refined authentication-related UI text labels and descriptions in the
dashboard
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Problem
The `_Shadcn_` suffix isn't needed anymore on `Command` components
## Solution
- Remove the `_Shadcn_` suffix
- Simplify UI package exports
- Apply prettier
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Simplified command component imports and exports across the UI library
by removing internal naming aliases and adopting direct component
references. Updated the public UI package barrel export to use wildcard
re-exports for cleaner API surface.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update.
## What is the current behavior?
The "Securing Edge Functions" guide (`/docs/guides/functions/auth`)
opens with two conceptual sections — "Understanding authorization
headers" and "The `verify_jwt` platform check" — followed by a "Common
auth patterns" section that re-implements the same four use cases twice:
once without an SDK using `Deno.serve` + manual `createClient` + manual
`Authorization` header forwarding, and again using `@supabase/server`.
The recommended path is buried below background reading and a
legacy-style implementation.
Linear: COM-235.
## What is the new behavior?
The guide now leads with practical how-tos built on `@supabase/server`:
- Authenticated user calls (`auth: 'user'`)
- Service-to-service calls (`auth: 'secret'`)
- Public functions (`auth: 'none'`)
- External webhooks (`auth: 'none'` + signature verification)
- Combining modes
- Custom error responses
- Environment variables
The two conceptual sections are extracted into a new sibling page at
`/docs/guides/functions/auth-headers` ("Authorization headers"), linked
from the top of the how-to page and added to the side nav between
"Securing your functions" and "Legacy JWT secret".
The legacy SDK-less examples are removed. The mode table uses the
unnamed forms (`'secret'`, `'publishable'`), and a note in the
service-to-service section introduces the `'secret:<name>'` /
`'publishable:<name>'` syntax for callers that want to scope to a
specific named key.
## Additional context
Each section preserves the "who calls this and why" framing from the
original (cron jobs, workers, and `pg_net` for service-to-service;
`supabase.functions.invoke` for authenticated user calls; signed webhook
providers for external webhooks).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a new guide explaining Edge Functions authentication headers,
JWT validation, and API key handling
* Redesigned core authentication guide to focus on the primary wrapper
approach with clearer examples and common scenarios
* Improved navigation and added redirects to make authentication docs
easier to find and access
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## Problem
The `_Shadcn_` suffix isn't needed anymore on breadcrumb components
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Standardized breadcrumb component exports across the codebase by
removing internal aliasing and using direct component exports. No UI,
behavior, or public API changes; end-user experience unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The `_Shadcn_` suffix isn't needed anymore on `Select` components
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated internal component architecture to standardize and simplify
the codebase. These changes improve code maintainability and consistency
across the application without affecting existing functionality or user
experience.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The `_Shadcn_` suffix isn't needed anymore on label component
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Standardized Label usage across the codebase by removing the legacy
alias and using the direct Label export from the UI package
consistently.
* **Documentation**
* Updated component examples and docs to use the standardized Label
component in usage snippets and demos.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have multiple Popover components
## Solution
- [x] migrate Popover usages to Shadcn components
- Migrated JSON and text editor in the `TableEditor` (inline row
edition)
- Migrated the template popover in the logs explorer templates page
- [x] remove `_Shadcn_` suffix from Popover components (renaming +
prettier)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Unified popover implementation across the app and design system;
dropdowns, calendars, menus and tooltips now use a consistent popover
API with no visual or interaction changes.
* **Chores**
* Minor prop typing update for the logs date-picker to align with the
consolidated popover content type.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have multiple `Collapsible` components.
## Solution
Reduce their number by using only the one from shadcn.
I haven't noticed any visual or functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Migrated expandable/collapsible UI to a unified shadcn-based
implementation for more consistent expand/collapse behavior across the
app.
* **Style**
* Updated listbox check icon sizing and removed obsolete collapsible
open/close animations.
* **Chores**
* Removed deprecated collapsible variants and consolidated UI component
surface for simpler maintenance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an "AI Tools" guides section with landing, overview, and
troubleshooting pages; guides render from Markdown.
* **Documentation**
* New AI Tools guides: local development, Quickstart, CLI overview,
troubleshooting, and detailed overview pages.
* **Chores**
* Site navigation updated to include an AI Tools entry and renamed
subsection to "AI"; added permanent redirects from prior Getting Started
AI URLs to the new AI Tools locations.
* **Bug Fixes**
* Updated internal guide links so AI prompt pages point to the new AI
Tools paths.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Greg Richardson <greg.nmr@gmail.com>
## Summary
Eliminates the Google Search Console "Missing field 'item' (in
'itemListElement')" critical error on 230 `/docs/guides/*` pages. The
schema was emitting `ListItem`s without an `item` field for intermediate
category nodes that lack a URL in the docs nav. Per [Google's
spec](https://developers.google.com/search/docs/appearance/structured-data/breadcrumb),
`item` is required on every BreadcrumbList position except the last leaf
— so url-less items are filtered out instead.
Also fixes a smaller quality gap surfaced during preview verification:
the `auth` section root in `NavigationMenu.constants.ts` was missing a
`url`, so auth trails were dropping the "Auth" breadcrumb level (`Docs >
Guides > JSON Web Tokens (JWT) > Overview` instead of `Docs > Guides >
Auth > JSON Web Tokens (JWT) > Overview`). Every other section root
already has a `url`; auth was the lone outlier.
## Testing
Tested locally via vitest (`pnpm --filter docs exec vitest run
lib/json-ld.test.ts`):
- [x] All-urls chain: every `itemListElement` has string `item` and
`name`
- [x] Leaf-url-mismatch: leaf uses `pathname` even when the chain leaf
URL differs
- [x] All-url-less chain: returns `null`
- [x] Empty chain: returns `null`
Tested on the preview deploy against 7 representative GSC-flagged paths:
- [x] `/docs/guides/getting-started/ai-prompts` — 4 positions, 0 missing
- [x] `/docs/guides/getting-started/ai-skills` — 4 positions, 0 missing
- [x] `/docs/guides/auth/jwts` — 4 positions, 0 missing (after auth fix:
includes "Auth")
- [x] `/docs/guides/auth/social-login/auth-google` — 4 positions, 0
missing (after auth fix: includes "Auth")
- [x] `/docs/guides/database/postgres-js` — 4 positions, 0 missing
- [x] `/docs/guides/storage/quickstart` — 4 positions, 0 missing
- [x]
`/docs/guides/platform/migrating-within-supabase/dashboard-restore` — 5
positions, 0 missing
Post-merge:
- [ ] validator.schema.org against deployed URL: 0 errors
- [ ] GSC "Validate fix" on the breadcrumb issue (1-2 week re-crawl
window)
## Linear
- fixes GROWTH-835
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved breadcrumb validation to filter incomplete entries and avoid
broken documentation links.
* Restored root link for the Auth navigation section so the Auth menu
item now navigates to /guides/auth.
* **Tests**
* Added comprehensive tests covering breadcrumb generation and edge
cases.
* **Refactor**
* Streamlined breadcrumb JSON‑LD schema generation for clearer output
and maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Renames the docs page title, sidebar label, description, and body text
from **"Supabase Agent Plugin"** to **"Supabase Plugin for AI coding
Agents"** across `plugins.mdx`, `ai-skills.mdx`, `mcp.mdx`, and the
navigation constants.
More context in this [Slack
thread](https://supabase.slack.com/archives/C0254JUR2DU/p1778165488699219)
Close
[AI-710](https://linear.app/supabase/issue/AI-710/rename-supabase-agent-plugin-docs-title)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Renamed the AI tool throughout docs and navigation to "Supabase Plugin
for AI Coding Agents" (previously "Supabase Agent Plugin").
* Updated getting-started and plugin pages, installation guidance, and
sidebar labels to use the new name while preserving existing links and
instructions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
## Summary
Emits `BreadcrumbList` JSON-LD on every `/docs/guides/*` page served by
`GuideTemplate`. Search engines and AI crawlers get an explicit
hierarchical signal for the docs site (the marketing site already
shipped JSON-LD via #45451). The chain prepends `Docs > Guides` to the
existing resolver output, so a page like `/docs/guides/auth/passwords`
produces a 5-level chain with the leaf URL set per Google's spec.
## Changes
- New `apps/docs/lib/breadcrumbs.ts`: pure pathname → chain resolver,
server-safe. Extracted from the existing client `useBreadcrumbs` hook so
the same logic runs in both contexts.
- New `apps/docs/lib/json-ld.ts`: `serializeJsonLd` +
`breadcrumbListSchema` mirroring `apps/www/lib/json-ld.ts`.
- `Breadcrumbs.tsx` (visual) now delegates to the shared resolver —
single source of truth for visual + SEO chains.
- `GuideTemplate` takes a required `pathname` prop and emits `<script
type="application/ld+json">` next to `<Breadcrumbs />`. Skipped when the
chain is empty (e.g., page not in nav menu). Middle items without URLs
(e.g., the "Auth" section root) omit `item`, matching the visual
breadcrumb.
- 8 explicit-prop callers updated; `[[...slug]]` callers already spread
`data` (which carries `pathname`).
## Scope
**Out of scope:**
- `/docs/reference/*` (SDK reference) — no breadcrumbs rendered today,
would need separate traversal over spec JSON.
- `/guides/troubleshooting/*` — uses its own template, not
`GuideTemplate`.
- `TechArticle` per-page schema — high maintenance for marginal value.
## Testing (Vercel preview)
```bash
curl -s https://<preview>/docs/guides/auth/passwords | grep -oE '<script type="application/ld\+json"[^>]*>[^<]+</script>'
```
Expect a script tag with the chain `Docs > Guides > Auth > Flows
(How-tos) > Password-based`, leaf URL
`https://supabase.com/docs/guides/auth/passwords`.
- [x] `/docs/guides/auth/passwords` — 5-item chain, leaf URL present
- [x] `/docs/guides/getting-started/features` — 4-item chain, all items
have URLs
- [x] `/docs/guides/getting-started/ai-prompts/<slug>` — special-case
chain (`Getting started > AI Tools > Prompts > <slug>`), leaf URL falls
back to pathname
- [x] `/docs/guides/database/database-advisors` (explicit-prop caller) —
chain renders
- [x] Visual breadcrumb on the same pages still renders correctly
- [ ] Validate output through [Google Rich Results
Test](https://search.google.com/test/rich-results) on a deployed preview
URL
- [x] `/docs/guides/troubleshooting/<slug>` — no JSON-LD emitted
(different template, intentional)
## Linear
- fixes GROWTH-820
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added JSON-LD breadcrumb markup to guide pages to improve
search/discovery.
* **Improvements**
* Centralized breadcrumb generation for consistent, accurate breadcrumbs
across guides.
* Multiple guide pages updated to ensure breadcrumbs and page context
display correctly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a new `/guides/getting-started/plugins` docs page with an
`AgentPluginsPanel` component
- Per-client install instructions for Claude Code, Codex, Cursor, and
Gemini CLI
- Adds the page to the navigation under AI Tools
- Removes the Claude Code plugin subsection from the AI Skills page (now
covered here)
Closes
[AI-690](https://linear.app/supabase/issue/AI-690/agent-plugins-documentation)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Interactive plugin installation panel to choose from multiple AI
coding agents with agent-specific setup instructions and quick links for
help/feedback.
* **Documentation**
* New "Supabase Agent Plugin" guide describing features, included
components, and one‑click installation UI.
* Navigation updated to include the Supabase Agent Plugin guide under
Getting Started → AI Tools.
* AI skills guide streamlined by removing a specific plugin install
snippet and clarifying agent compatibility.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This PR fixes a bug where a user might choose `classic-dark` as a theme
in `studio` but then `docs` and `marketing` apps will look weird.
To test:
- Change the localStorage value of `theme` to `classic-dark`
- Open `www` and `docs` apps, they should look ok
## Summary by CodeRabbit
* **New Features**
* Added a new "classic-dark" theme option for enhanced visual
customization.
* **Improvements**
* Unified and simplified theme handling across apps for more consistent
behavior.
* Improved system-theme detection and smoother transitions when
switching themes.
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
This PR preps the monorepo for a migration to Tailwind v4:
- Bump all Tailwind dependencies and libraries to the latest possible
version, while still compatible with Tailwind 3.
- Cleans up obsolete Tailwind 3 specific options and configs.
- Cleans up unused CSS files and fixes the CSS imports.
- Migrates all `important` uses in `@apply` lines to using the `!`
prefix.
- Move `typography.css` to the `config` package and import it from the
apps.
- Migrated all occurrences of `flex-grow`, `flex-shrink`,
`overflow-clip` and `overflow-ellipsis` since they're deprecated and
will be removed in Tailwind 4.
- Make the default theme object typesafe in the `ui` package.
- Migrate all `bg-opacity`, `border-opacity`, `ring-opacity` and
`divider-opacity` to the new format where they're declared as part of
the property color.
- Bump and unify all imports of `postcss` dependency.
## Problem
In order to update to react 19, we need to update several dependencies
## Solution
- migrate to the `radix` umbrella package to ease upgrade
- update some dependencies
## Summary by CodeRabbit
* **Chores**
* Consolidated Radix UI usage to a single unified package across apps
and packages, updated package manifests and workspace catalog entries.
No user-facing behavior, visuals, or public APIs changed.
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## Problem
We used to have a `_Shadcn_` suffix for all the shadcn form components
because we also had `formik` form components.
This is not needed anymore.
## Solution
- Remove the suffix
- Update all usages
Updates our documentation pages around the Data API to include
instructions on how to grant the necessary privileges across API roles
across tables and functions. Current behaviour means this is largely
unnecessary as privileges are granted by default on public schema, but
adding instructions will help cover scenarios where this isn't the case
and expose some of the underlying magic happening.
## To test:
- These updates refer to new settings that are added to the data api
that give more visibility and control over what tables and functions are
accessible via the api.
- To view these settings you'll need to enable the
`tableEditorApiAccessToggle` feature flag
## Summary by CodeRabbit
* **Documentation**
* Added a new "Data API" guide and removed the old "Hardening the Data
API" page
* Updated navigation links to surface the new Data API guide
* Expanded quickstarts, SDK install pages, and security guides with
step‑by‑step Data API exposure, default‑privileges, RLS guidance, and
SQL GRANT examples (including function EXECUTE notes)
* Updated troubleshooting references and added redirects for legacy
documentation paths
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: SaxonF <1072756+SaxonF@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Implements comprehensive IdP-initiated login flow support, enabling
organizations to configure SSO without email domains and support
multiple SAML apps under the same domain (e.g., Dev/Staging/Prod
environments).
- Add "Enable SP-initiated login" toggle to SSOConfig.tsx
- IdP-initiated flow is now always available (default)
- SP-initiated flow is opt-in with domain requirement
- Clear in-UI documentation explaining both flows
- Make domains optional (only required when SP-initiated enabled)
- Add form validation: domains required only if SP-initiated is ON
- Fix org-switching bug: form now resets when switching organizations
- Add organization.slug to useEffect dependencies
- Prevent stale SSO config data from previous org being displayed
- **IdP-initiated flow**: Users start login from identity provider
dashboard
- No domain configuration required
- Enables multiple SAML apps per domain
- Recommended default for enterprises
- **SP-initiated flow**: Users start login at supabase.com (opt-in)
- Requires email domain configuration
- Maintains backward compatibility
- **Both flows**: Can be enabled simultaneously for flexible access
- Organizations can now create separate SSO providers for
Dev/Staging/Prod
- Each environment = separate SAML app in IdP
- All using same email domain (e.g., company.com)
- Users access via different IdP app tiles
- No domain conflicts or subdomain requirements
- Add 4 pages to SSO sidebar menu in NavigationMenu.constants.ts:
- Understanding Login Flows (existing, now visible)
- Choosing a Login Flow (existing, now visible)
- Multiple SSO Providers (NEW comprehensive guide)
- Testing and Best Practices (existing, now visible)
Create comprehensive guide covering:
- Multi-environment patterns (Dev/Staging/Prod with same domain)
- Team separation, migration, and acquisition scenarios
- Step-by-step setup for domainless providers
- User access management and IDP app assignment strategies
- Configuration synchronization and best practices
- Troubleshooting common multi-provider issues
Major expansion of testing-best-practices.mdx:
- Fix outdated assumptions (domains no longer always required)
- Add comprehensive login flow testing section:
- IdP-initiated testing (no domains)
- SP-initiated testing (with domains)
- Domainless provider testing (multi-environment pattern)
- Enhance auto-join testing with 8 detailed test phases:
- Idempotency testing (no duplicate memberships)
- Domainless configuration testing
- Re-enablement testing (works on every login)
- Add SSO account restrictions testing section
- Add safe provider deletion testing with 4 test scenarios
- Reorganize final checklist into 6 categorized sections
Update azure.mdx, gsuite.mdx, okta.mdx:
- Remove all "(coming soon)" references
- Add guidance recommending IdP-initiated for multi-environment setups
- Clarify domains are optional for IdP-initiated flow
- Link to new Multiple SSO Providers guide
**Domain Handling:**
- Domains now optional in SSO provider configuration
- Backend: `z.array(...).optional().default([])`
- UI: Domains only required when SP-initiated toggle is ON
- Empty array sent to API when SP-initiated disabled
**Login Flow Logic:**
- IdP-initiated: Always available, uses SAML assertion directly
- SP-initiated: Requires domain lookup, opt-in only
- Both flows can coexist with same SSO provider
**Multi-Provider Support:**
- Each provider has unique ACS URL
- No domain conflicts (IdP-initiated doesn't check domains)
- Enables unlimited providers per email domain
- **Simplifies SSO setup**: No domain configuration needed by default
- **Enables multi-environment**: Dev/Staging/Prod under same domain
- **Improves UX**: One-click login from IdP dashboard
- **Maintains compatibility**: SP-initiated still available as opt-in
- **Better documentation**: Comprehensive guides for all scenarios
## UI
### SSO Disabled
<img width="742" height="329" alt="sso-disabled"
src="https://github.com/user-attachments/assets/73387777-181c-4206-9798-36f0d0790e4e"
/>
### SSO Enabled - IdP-initiated (DEFAULT)
<img width="742" height="1059" alt="sso-enabled-idp"
src="https://github.com/user-attachments/assets/c189e08f-7642-4183-8853-dd5150b8a191"
/>
### SSO Enabled - SP-initiated
<img width="727" height="1366" alt="sso-enabled-sp"
src="https://github.com/user-attachments/assets/be5ad6dc-4803-446b-ae02-9edcbb5f42cd"
/>
## Summary by CodeRabbit
* **Documentation**
* Added comprehensive guides for SSO login flow selection, testing best
practices, and configuring multiple providers
* Updated provider-specific setup documentation (Okta, Azure, Google
Workspace) with refined workflows and testing recommendations
* **New Features**
* Enhanced SSO configuration interface with SP-initiated login toggle
and improved email domain management for flexible authentication flows
---------
Co-authored-by: Chris Stockton <chris.stockton@supabase.io>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
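The domain handling described in the SSO change above (domains required only when SP-initiated login is on, an empty array sent otherwise, no domain conflicts for IdP-initiated providers), sketched as an added TypeScript example that is not the PR's code. The type and function names, the hostname check and the conflict rule for SP-initiated providers are assumptions.

```typescript
// Added example: hypothetical names, not Supabase's implementation.
interface SsoProviderForm {
  name: string
  spInitiatedEnabled: boolean
  domains?: string[] // optional, like `z.array(...).optional().default([])`
}
interface SsoProviderPayload {
  name: string
  domains: string[]
}

// Assumed hostname shape: dot-separated labels, lower-cased before the test.
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/

function normalizeDomains(domains: string[] = []): string[] {
  const cleaned = domains.map((d) => d.trim().toLowerCase()).filter((d) => d.length > 0)
  return Array.from(new Set(cleaned))
}

// Domains are validated only when SP-initiated login is ON. When it is OFF an
// empty array is sent, so stale form values never reach the API.
function toPayload(form: SsoProviderForm): SsoProviderPayload {
  if (!form.spInitiatedEnabled) return { name: form.name, domains: [] }
  const domains = normalizeDomains(form.domains)
  if (domains.length === 0) {
    throw new Error('An email domain is required when SP-initiated login is enabled')
  }
  const bad = domains.filter((d) => !DOMAIN_RE.test(d))
  if (bad.length > 0) throw new Error(`Invalid email domain(s): ${bad.join(', ')}`)
  return { name: form.name, domains }
}

// Assumption: SP-initiated login picks a provider by email domain, so a domain
// listed by two providers is ambiguous. Domainless providers are never part of
// that lookup and cannot conflict.
function findDomainConflicts(payloads: SsoProviderPayload[]): Map<string, string[]> {
  const owners = new Map<string, string[]>()
  for (const p of payloads) {
    for (const d of p.domains) owners.set(d, [...(owners.get(d) ?? []), p.name])
  }
  const conflicts = new Map<string, string[]>()
  owners.forEach((names, d) => {
    if (names.length > 1) conflicts.set(d, names)
  })
  return conflicts
}
```

Running `findDomainConflicts` over every provider in an organization before saving shows which SP-initiated providers would compete for the same email domain, while Dev/Staging/Prod providers left domainless pass untouched.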